Page 1

350-018 Training Material CCIE Security written

CISCO 350-018 Training Material are prepared by top certified IT profes sionals and experienced experts; who have years of experience on training IT certification learners. CISCO 350-018 Training Material cover all the know ledge points of real test. Besides, w ith Testpassport CISCO 350-018 Training Material , candidates can be confident to take CISCO 350-018 exam at testing center.

CISCO 350-018 exam features: 350-018 questions and answers Try free demo before you purchase CISCO 350-018 exam 350-018 tested and verified before publishing 350-018 exam questions with exhibits 350-018 same questions as real exam with multiple choice options

The 350-018 exam is essential and core part of CISCO certifications and once you clear the exam you will be able to solve the real life problems yourself. Acquiring CISCO certifications are becoming a huge task in the field of I.T. More over these exams like 350-018 exam are now continuously updating and accepting this challenge is itself a task. This 350-018 test is an important part of CISCO certifications. Testpassport CISCO 350-018 Training Material can make sure you pass the test.

The safer , easier way to help you pass any IT exams.

1.In order to reassemble IP fragments into a complete IP datagram, which three IP header fields are referenced by the receiver? (Choose three.) A. don't fragment flag B. packet is fragmented flag C. IP identification field D. more fragment flag E. number of fragments field F. fragment offset field Answer: C,D,F 2.Which VTP mode allows the Cisco Catalyst switch administrator to make changes to the VLAN configuration that only affect the local switch and are not propagated to other switches in the VTP domain? A. transparent B. server C. client D. local E. pass-through Answer: A 3.Which type of VPN is based on the concept of trusted group members using the GDOI key management protocol? A. DMVPN B. SSLVPN C. GETVPN D. EzVPN E. MPLS VPN F. FlexVPN Answer: C 4.Based on RFC 4890, what is the ICMP type and code that should never be dropped by the firewall to allow PMTUD? A. ICMPv6 Type 1 Code 0 no route to host B. ICMPv6 Type 1 Code 1 communication with destination administratively prohibited C. ICMPv6 Type 2 Code 0 packet too big D. ICMPv6 Type 3 Code 1 fragment reassembly time exceeded E. ICMPv6 Type 128 Code 0 echo request F. ICMPv6 Type 129 Code 0 echo reply Answer: C 5.A firewall rule that filters on the protocol field of an IP packet is acting on which layer of the OSI reference model? A. network layer B. application layer


The safer , easier way to help you pass any IT exams.

C. transport layer D. session layer Answer: A 6.Which layer of the OSI model is referenced when utilizing http inspection on the Cisco ASA to filter Instant Messaging or Peer to Peer networks with the Modular Policy Framework? A. application layer B. presentation layer C. network layer D. transport layer Answer: A 7.When a Cisco IOS Router receives a TCP packet with a TTL value less than or equal to 1, what will it do? A. Route the packet normally B. Drop the packet and reply with an ICMP Type 3, Code 1 (Destination Unreachable, Host Unreachable) C. Drop the packet and reply with an ICMP Type 11, Code 0 (Time Exceeded, Hop Count Exceeded) D. Drop the packet and reply with an ICMP Type 14, Code 0 (Timestamp Reply) Answer: C 8.In an 802.11 WLAN, which option is the Layer 2 identifier of a basic service set, and also is typically the MAC address of the radio of the access point? A. BSSID B. SSID C. VBSSID D. MBSSID Answer: A 9.What term describes an access point which is detected by your wireless network, but is not a trusted or managed access point? A. rogue B. unclassified C. interferer D. malicious Answer: A 10.A router has four interfaces addressed as,,, and What is the smallest summary route that can be advertised covering these four subnets? A. B. C. D. Answer: C


The safer , easier way to help you pass any IT exams.

11.Which two address translation types can map a group of private addresses to a smaller group of public addresses? (Choose two.) A. static NAT B. dynamic NAT C. dynamic NAT with overloading D. PAT E. VAT Answer: C,D 12.Which authentication mechanism is available to OSPFv3? A. simple passwords B. MD5 C. null D. IKEv2 E. IPsec AH/ESP Answer: E 13.Which two IPv6 tunnel types support only point-to-point communication? (Choose two.) A. manually configured B. automatic 6to4 C. ISATAP D. GRE Answer: A,D 14.Which two EIGRP packet types are considered to be unreliable packets? (Choose two.) A. update B. query C. reply D. hello E. acknowledgement Answer: D,E 15.Before BGP update messages may be sent, a neighbor must stabilize into which neighbor state? A. Active B. Idle C. Connected D. Established Answer: D 16.Which three statements are correct when comparing Mobile IPv6 and Mobile IPv4 support? (Choose three.) A. Mobile IPv6 does not require a foreign agent, but Mobile IPv4 does. B. Mobile IPv6 supports route optimization as a fundamental part of the protocol; IPv4 requires extensions.


The safer , easier way to help you pass any IT exams.

C. Mobile IPv6 and Mobile IPv4 use a directed broadcast approach for home agent address discovery. D. Mobile IPv6 makes use of its own routing header; Mobile IPv4 uses only IP encapsulation. E. Mobile IPv6 and Mobile IPv4 use ARP for neighbor discovery. F. Mobile IPv4 has adopted the use of IPv6 ND. Answer: A,B,D 17.Refer to the exhibit.

Which message could contain an authenticated initial_contact notify during IKE main mode negotiation? A. message 3 B. message 5 C. message 1 D. none, initial_contact is sent only during quick mode E. none, notify messages are sent only as independent message types Answer: B 18.Which protocol does 802.1X use between the supplicant and the authenticator to authenticate users who wish to access the network? A. SNMP B. TACACS+ C. RADIUS D. EAP over LAN E. PPPoE Answer: D 19.Which two statements are correct regarding the AES encryption algorithm? (Choose two.) A. It is a FIPS-approved symmetric block cipher. B. It supports a block size of 128, 192, or 256 bits. C. It supports a variable length block size from 16 to 448 bits. D. It supports a cipher key size of 128, 192, or 256 bits. E. The AES encryption algorithm is based on the presumed difficulty of factoring large integers. Answer: A,D


The safer , easier way to help you pass any IT exams.

20.What are two benefits of using IKEv2 instead of IKEv1 when deploying remote-access IPsec VPNs? (Choose two.) A. IKEv2 supports EAP authentication methods as part of the protocol. B. IKEv2 inherently supports NAT traversal. C. IKEv2 messages use random message IDs. D. The IKEv2 SA plus the IPsec SA can be established in six messages instead of nine messages. E. All IKEv2 messages are encryption-protected. Answer: A,B


Testpassport exams features: Various certifications are available at Famous certifications: IBM, HP, CompTIA, Oracle, Avaya, Adobe Cover over 95% of real test. Free update in one year PDF and software version Provide free demo for any certification exam Over 150 Global Certification Vendors Covered. Services of Professional & Certified Experts available via support Verified answers researched by industry experts. Practice Questions updated on regular basis

Many hot pages at Testpassport: Promotion page: How to pay page: All certifications here:

Adobe HP OMG




ISEB Juniper






CompTIA Lotus





Network Appliance


RES Software SASInstitute






350 018